Converting Cisco Easy VPN .pcf files to Linux vpnc configuration format

Since I use Linux exclusively, and have to interface with clients using various Windows technologies, open standards are an important aspect of our tech-life. For example, we use OpenOffice to read Word/Excel/Powerpoint files, and so on.

One thing that comes infrequently is the need to login to a corporate virtual private network (VPN) that uses Cisco's Easy VPN.

The client would send me a .pcf, and since I use Linux and prefer the command line, I have to convert it into vpnc's format.

We found that the easiest way is programmatic, but involves a few steps of preparation.

The steps below assume that you are running Ubuntu 8.04 LTS, but should work pretty much the same for any Debian derived distro. Other distros differ only in the the vpnc configuration path, and the way you install the dependencies needed.

First, we get the pcf2vpnc converter program. This is a perl script.

# Get the pcf to vpnc configuration file converter
# Make it executable
chmod +x pcf2vpnc 
# Move it to a place in our path
mv pcf2vpnc /usr/local/bin/

The above script calls a decrypt program for the group password in the .pcf file. Therefore we need to get the program and compile it. This also involves installing some dependencies for it as well.

# Get the cisco decrypt program
# Get the dependencies needed for it
sudo aptitude install libgcrypt-dev libgpg-error-dev
# Compile it into a binary
gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
# Move it to a place in our path
sudo mv cisco-decrypt /usr/local/bin

We are now ready to run the script against the .pcf file, and save it to a .conf file

# Run the converter, which will call the decrypt program
pcf2vpnc Client.pcf > client.conf

We then copy the converted configuration file to vpnc's configuration directory:

sudo cp client.conf /etc/vpnc

And finally, we test the configuration file by logging to the VPN:

sudo vpnc client

Further reading




I am linux newbie, but I

I am linux newbie, but I managed to get the VPN connection working by following your excellent intructions. How do I disconnect from the VPN once I am finished using it?


To disconnect, use:

sudo vpnc-disconnect

Error while decoding


Not working fully for me on Debian Squeeze.

When I run the command I get a partial .conf file. However the encrypted secret has correctly been decrypted and has been placed in the IPSec secret line. Then I get an errormessage, and the conversion is incomplete.

This is a dump of what I did:

# pcf2vpnc client.pcf > client.conf
decoding input: No such file or directory

Any ideas??

A solution would me much appreciated. Would like just to use the opensource solution.

Kind regards,

solution for Debian Squeeze

I had the same issue on squeeze... but the solution is simple.

"#pcf2vpnc client.pcf"

The script will produce a file of the same name but as client.conf.

This solution worked great on Debian Squeeze for me.


working for me too! many thanks
it gave me error: decoding input: No such file or directory
but job was done on debian squeeze

Great job!

Works for me on Ubuntu 10.10!